Converting To Windows Authentication? Suggestions, Please
Sep 8, 2006
I am presently using MS SQL Server 2000; I have an authentication problem for which I do not have a good solution. Here are the main issues related to the problem:
Standards mandate we change to use Windows authentication
We have an old fat client application that presently works using SQL authentication
We have ad hoc and report users that are members of a domain group that has read only privileges in the database
The database is a union of 8 distinct databases that all run on the same server
There are nearly 1000 stored procedure with a couple hundred of them using references to one of the other 8 databases €“ a couple hundred cross database procedures
All update and record maintenance is performed within the context of the stored procedures; presently, only the login used by the application can execute these procedures
Presently, we can segregate the ad hoc users from the stored procedures because the ad hoc users have a login that is distinct from the application login
Application roles are not usable because of all of the cross database queries and stored procedures; therefore, database roles are used instead of application roles
The problem that I see with trying to go to windows authentication here is that the moment I go to windows authentication I lose the ability to segregate the application stored procedures from the ad hoc users. It seems to me that when we switch to Windows authentication that there is nothing to prevent the ad hoc users from using windows authentication instead of SQL authentication to do any ad hoc work. If this is the case, I see nothing to prevent them from using the stored procedures. Yes, I could grant the users seperate SQL authentication logins, but this still doesn't prevent them from authenticating using windows authentication.
It appears to me that in this case that the moment I change the way that the application authenticates to the database to windows authentication that the ad hoc users get an €œauto upgrade€? to update permission with their ad hoc logins. It would be great if I could keep the users with their read-only group privileges and use application roles to augment their privileges through the application; however, the application roles really only work for a specific database and all of these cross-database stored procedures cause me a big headache with respect to application roles.
To me it looks like modifying the application to use windows authentication is going to create a big security hole that did not previously exist. Does it look best in this situation to stay with SQL authentication? Is there a way out of this problem? I need suggestions.
Somewhat baffled,
Dave
View 8 Replies
ADVERTISEMENT
May 11, 2007
How to give authentication for Send Mail Task component?
View 4 Replies
View Related
Apr 18, 2007
Hi there,I have installed MS SQL Server 2005 on my machine with windows authentication. But now I want to switch the authentication mode to SQL Authentication. I am unable to switch, I can’t find the proper way to do so here in 2005.Could any one help me in doing this?Thank you,-Ahsan
View 1 Replies
View Related
Mar 25, 2004
Hello,
(Using win2k, sqlserver2k, framework 1.1)
I have an fairly data-heavy application that uses Windows authentication (Trusted connection/aspnet account) to connect to Sql Server. The site uses IIS basic authentication.
On the dev server everything works fine but when I move to the live server things get strange and it starts to crawl along. (Pages load OK but then it just crawls as it loads the datagrids etc. Sometimes it brings back incomplete/incorrect data )
BUT When I use Sql Authentication to connect to Sql Server and there is no problem at all!
Ok, there is something obviously wrong with the live server (which is identical setup to dev)but I dont know where to start.
Any ideas??
View 2 Replies
View Related
May 15, 2006
Hi all,
I've got two applications which both have a database on my MS SQL 2000 server. The problem is, one application must use Windows Integrated Authentication (which it is currently using and cannot be changed) whilst the other application which I'm trying to configure must use a SQL password.
Since the server has already been configured to use Windows Integrated Authentication for the existing database and application, how do I configure the other database to use the SQL password?
Thanks.
View 1 Replies
View Related
May 12, 2006
Hi all,
My work is using a shared application
which accesses a MSSQL 2000 database. To access the application, the
folder on the Windows 2003 Server is shared and users can access the
folder through a shared drive.
For the application to access the
database, it uses an ODBC connection to the MSSQL server which
originally used the SA password.
We have recently switched to using
Windows Integrated Authentication because we believe it offers a
higher level of security. However the only way in which we have been
able to enable this is to add the windows users to the SQL server.
The problem with this is that the
application sets permissions for individual users on what records
they can see within the database. We have found that by adding the
windows users to the SQL Server, they can bypass the permissions the
set by the application by simply using any application that can use
an ODBC connection, such as Enterprise Manager, and see all the
database.
One way around this would be to set up
domains of users with access privileges to the tables which reflect
the permissions set by the application, and configuring a view of the
data so they may only see the records that they have permissions to.
However to do this would require a high administrative cost to ensure
that changes made in the application are reflected in the privileges
of the SQL server.
Instead, is there a way the SQL server
can authenticate that the ODBC connection is coming from the correct
application using Windows Integrated Authentication?
This would allow the applcation to
determine security, and stop users from connecting to the SQL server
using other applications.
Alternatively, can the SQL server,
using Windows Integrated Authentication, also ask the application to
supply a username and password?
Any help with this matter would be
greatly appreciated.
Thanks!
View 4 Replies
View Related
Mar 26, 2008
Hallo there,
I just upgraded from Windows XP Pro to Windows Vista Bussiness and tried to reinstall SQL Server 2005 Developers Edition. After the installation i downloaded (using microsoft windows update) and installed all the service packs for sql and vista available.
My problem is when i open sql server management studio and try to connect to my default instance using windows authentication and database engine, an 18456 error occurs.
I enabled all the protocols and all the ports
I disabled windows firewall and antivirus (eset nod32)
I installed all service packs available
I have also installed Visual Studio 2005 without installing sqlexpress
But nothing happens!
Please i am very desperate, any information will be gratefully accepted.
This is my installation Information
Code Snippet
Microsoft SQL Server Management Studio 9.00.3042.00
Microsoft Analysis Services Client Tools 2005.090.3042.00
Microsoft Data Access Components (MDAC) 6.0.6001.18000 (longhorn_rtm.080118-1840)
Microsoft MSXML 3.0 5.0 6.0
Microsoft Internet Explorer 7.0.6001.18000
Microsoft .NET Framework 2.0.50727.1434
Operating System 6.0.6001
Thank you in advance,
Patonios
View 3 Replies
View Related
Mar 13, 2008
I am running Windows Server 2003 R2 standard Edition with SP1, using IIS, and SQL Server 2000 Enterprise Edition. Server running 4 core processors with 4CGB of RAM. I have not changed any entries to the boot.ini or with SQL Server to take advantage of the memory. I am looking for the best way to utilize the hardware in the machine????
This is dedicated DB server under split server configuration
Would it be useful if swith to /3g for AWE enabled option for sp_configure?
Please suggest me the best configuration methods if any
Thanks in advance,
View 4 Replies
View Related
May 8, 2003
Hello
Can anyone tell me what is the difference between sql authentication and windows authentication.
Examples of each would be very useful
Many thanks in advance
Steve
View 2 Replies
View Related
Oct 16, 2006
Would anyone please help me out here. which of the 2 modes of authentication is better and why??
View 3 Replies
View Related
Dec 18, 2006
Hi,
Say, I have configured my SQL to use Mixed Authentication. Now, I have a applicaiton which uses my SQL Server. The application just creates a database in SQL Server and uses the database to store its information.
This application also has a SYSTEM DSN under ODBC through which it accesses the database. For the application to access this database, should I only use SA (as my SQL instance is configured to use Mixed Authentication) or can I use Windows Authentcation too...
If I should only use SA, do we have a documentation which talks about this.
Thanks
Santhosh
View 1 Replies
View Related
Mar 12, 2008
For using different services of SQL SERVER 2005 which is better...
Windows Authentication or SQL Server Authentication?
what are the advantages and disadvantages of both?
View 5 Replies
View Related
Feb 1, 2008
Hi.
I wonder if it is possible to set forms authentication for report manager but leave report server "as it is". I need to authenticate users from external LDAP and can't use windows authentication for report manager, but I would also like to leave report server open for anonymous users. In that way authenticated administrators could create reports which anonymous users could read.
I tested the Security Extension Sample and got it working when I rewrote the authentication part with my own LDAP authentication.
If I have understood correctly, the report manager is just application inside report server so is it possible to use forms authentication with one application but still leave the report server with Windows authentication?
View 1 Replies
View Related
May 31, 2007
I am in the process of rolling out a sql server 2005 enterprise install and had a question regarding authentication. We will be providing sql hosting for a number of groups on our campus, many who are not using our campus-wide active directory, though they all have an AD account.
Windows authentication via the management studio appears to use your AD authentication tokens and will not allow them to enter a username/password combo. Is there any way to configure this?
I would like to use our campus AD for obvious reasons but if there is a requirement for passing tokens this isn't going to work right? It's also going to make database mirroring more of a challenge.
Thanks
View 3 Replies
View Related
Oct 24, 2006
My SQLExpress seems to be set for windows authentication and not sql server authentication ... I am not quite sure why it is set to windows authentication - I installed this with Visual Studio 2005 and it just seemed to be set that way.Am I able to change this - if I choose sql authentication when connecting I get an errorIf someone could answer this point I would be most grateful !!Patrick
View 1 Replies
View Related
Sep 30, 1999
Hello,
I'm trying to use Enterprise Manager in Windows 95, and attempting to
connect to SQL Server with Windows NT Authentication but get message:
Login failed for user '(null)'. Reason: Not associated with a trusted SQL
Server Connection.
I can connect okay using SQL Server Authentication.
How can I connect using Windows NT Authentication?
It's SQL Server 7 and protocol TCP/IP I'm using.
Any help would be appreciated.
View 3 Replies
View Related
Nov 24, 2003
In an effort to eliminate the need to code accounts and passwords into the VB Com calling stored procedures, I would like to use Windows Authentication. I have setup the account that the com is running under to have access to the database. How does this change my connection string. Do I just drop the account and password parameters or do I need to let it know somehow that I want to use Windows Authentication?
Thanks,
Ken Nicholson
View 3 Replies
View Related
Aug 23, 2006
I'm having problems with windows authentication. I'm new to using using Microsoft SQL Server. I just migrated from powerbuilder 8 to powerbuilder 10. I'm using OLE DB and can't get the windows authentication to work within the application. Can anyone help....
View 2 Replies
View Related
Mar 29, 2007
Hi,
I am wondering that do we need to create the separate login at SQL SERVER (server) for all the user using the application for the windows authentication?
How do the windows authentication works? I have a apllication and SQL SERVER (SERVER) running on the same machine. Any user from the same domain can access the application. Application is interacting with the DB through Windows Authentication. Now my question is whether do we need to authenticate each user from the domain at the DB level. That is to craete the login id for all the user for windows authentication.
Thanks,
Rahul Jha
View 1 Replies
View Related
Feb 23, 2007
Hi
How to stop user to login using Windows Authentication.
thanks
asm
View 2 Replies
View Related
Jun 7, 2007
Hi
I remove the windows authentication from enterprise manager.
and Now i want to re-assign the the windows authentication . so can i do it from query analyzer.
asm
View 2 Replies
View Related
Dec 3, 2006
Hi all,You're all stars, really helpful. Maybe one day i can be :)My question is regarding the authentication in Windows SQL Server 2005.We have setup a sa account. We purchase software from a third partythat runs on it. Before their software logs on the sql server as sa,and does its own access control, windows autentication takes over. Itslogs users on correctly i guess, using a more secure link via thedomain. However, I am probably blind, but where can we assign rights toeach domain user? I.e. stop XXY dropping tables, but allow ABC to droptables?I had a brief look through but could not find anything that stood out,in the SQL Manager.ThanksDavidP.S This is SQL Server 2005 Workgroup edition running on a 2003 windowsdomain server. Alongside a SQL 2000 server, which is running fine usingsa accounts.For those in the same timezones as me... have a good evening.
View 1 Replies
View Related
Jul 20, 2005
Hi! Happy New Year!I'm having windows authetication connection problem. Although I cansee all the servers by using SQL Server authentication conncection, Ican see only some of the SQL family servers by using windowsauthentication connection. I checked the servers' properties of that Ican and can't see, but couldn't find any difference. Can someone giveme a direction that will enable me to debugg?If the servers are not in the same domain, how can I see them (windowsauthentication) from the same PC (client)?For some SQL server I even can not login via windows authentication atterminal server. Is any specific setup I should do at server?Thanks!Saiyou
View 1 Replies
View Related
Jul 20, 2005
Hello,We have a SQL 2000 installation (running on NT4 SP6a) with a databaseaccessed by a client application. Currently the application logs into thedatabase using a the SA account. I'd like to move the client access over toWindow Authentication. Each user has their own NT account. What steps do Ineed to take to achieve this?Any help would be greatly appreciated.James G.
View 1 Replies
View Related
Oct 19, 2006
When using Windows Authentication and the Client (xp home edition) has NO PASSWORD and he accesses a server with sqlexpress...does that default him as 'guest'....
What is difference between State 8 Password Mismatch and 9 Invalad password
View 3 Replies
View Related
May 4, 2007
We have an application that uses SQL Server 2005 (Express) as its database server.
We have SQL server and the application database on our server.
To setup the application we need to point it to our database from the clients and specify authentication as either SQL server or Windows Integrated Authentication. We chose Windows Integrated Authentication. This works fine for an administrator user but for a standard user with non administrator privileges , authentication fails and we cant access the database. The client is running Visa Business with UAC on. If I run the application as adminisrator and enter the administartor username and password then I can connect otherwise it is rejected.
How can I can configure SQL server to allow non administrator users to access it using Windows Integarted Authentication.
The server is running SBS 2003
Thanks
View 3 Replies
View Related
Aug 30, 2006
I've got an application that's supposed to use a combination of Windows authentication and Custom authorization, here's how.
Only the administrator can add users, venues, and booking types. In addition, only the administrator can reset a booking password on the bookings table and/or form. I (as the current administrator) want to be able to add a user and grant him/her permissions (either as admin or just user).
Admin access: add new users, venues, booking types, and reset booking password which will be used to grant permission to change booking details such as time and date. When the administrator adds a new user, there's an option (a field called admin on the user table) on whether or not to give the user admin rights, if yes the user is added to both the admin role and the user table
'Normal' user access: add and/or change own booking and change other user's return time and date provided a password is correctly provided. Does not even have to know that there's a user, venue, and a booking type table.
I've read about Windows authentication on the MSDN library but I seem to be getting nowhere and just have no clue where to start.
Help appreciated!
View 7 Replies
View Related
Dec 14, 2007
My organization is in transition of converting from SQL Server 2000 to SQL Server 2005.
Conversion from Visual C++ 6.0 to Visual C++ 2005 is done.
The converted Visual C++ code has OLE DB and has only native code(== no managed code).
The OLE DB uses user name and password information to log into SQL Server 2000.
Microsoft recommand to use Windows Authentication for security reason.
I was informed that Basic Authentication, SQL Server Authentication, or Mixed Authentication
allows OLE DB connectivity with user id and password.
However, I have tried but have not figured out how to use same OLE DB with user Id and password
information to access SQL Server 2005 with Windows Authentication.
Is it possible to use Windows Authentication with OLE DB connectivity with user id and password?
If so, I would greatly appreciate sharing your findings.
Thank you very much for your help in advance.
Paul
View 1 Replies
View Related
Oct 21, 2006
I am new to the whole ASP .NET scene, so my knowledge is very limited, and if I’m not clear enough please let me know. I am reading a book published by APress about ASP .NET with C# and I am at the point where I get to begin working with data (fun!!). The problem is that I’m not able to connect to the SQL Server. I have Server 2003 and SQL Server 2005 running on a separate machine than the computer that I use for development – the server is named THESERVER, the SQL server is named THESQLSERVER, and the computer I use for development is my laptop named MYLAPTOP. So here’s my connection string (I put this in my web.config XML file):<add name="Pubs" connectionString="DataSource=THESERVERTHESQLSERVER; Initial Catalog=pubs;Integrated Securit=SSPI"/> Now here’s what my book reads: For Windows authentication to work, the currently logged-on Windows user must have the required authorization to access the SQL database. This is all it says about Windows authentication because the book assumes that I am running MS SQL Express off localhost. Questions: Does the book mean that I will have to add a user to my server for my laptop? If so, how do I log into this user using the connection string?What does it mean by “the current logged-on Windows user”? Is that referring to the user on my laptop, or a user on the server? I’ve been reading around trying to find more information on exactly how Windows authentication works, but I keep coming up dry. I know that much of this is probably trivial to a lot of you, which is why I am asking because it isn’t to me. Well, thanks in advance for any help that you can provide me.
View 5 Replies
View Related
Apr 26, 2005
I have an asp.net page which accesses a sql server database (on another server).
I am trying to use impersonation to impersonate the domain user accessing the page and use the credentials to access the sql server using a windows login. I have windows authentication checked in IIS settings am using the following web.config:<configuration>
<system.web>
<authentication mode="Windows" /> <identity impersonate="true"/>
<authorization> <allow users="*" /> </authorization>
<customErrors mode="Off" />
</system.web>
</configuration>
I can connect fine when i open the page on the IIS server but from other machines, whilst logged in as the same domain user I get the error:
Login error failed for user ''.
Anybody know what the problem might be?
View 1 Replies
View Related
Jul 20, 2004
Hello,
I'm writing some software for clients and the connection is done via de username passwd methode, not windows authentication. One of the salespeople is creating FUD now, talking about a "major security leak" because, if someone has the username / password, he can view the data in the mssql database. ( seems normal to me for a username/password combination - winNT or not - but this news can be shocking to the uninitiated)
Is there any paper on his comprehensionlevel that deals with this issue?
Or you've got an opinion on this?
Thanx for any pointers,
W13
View 2 Replies
View Related
Mar 7, 2005
Hi All,
My Delphi application is connected to MS SQL Server 2000 database.The connection is establised with SQL Server authentication from the Delphi Application.
My problem is ,
When the SQL Server's Authentication mode is changed to "Windows Only", I change the Connection String attribute to Trusted Connection in which Im not specifying the UserId and Password as shown below.
'Provider=SQLOLEDB.1;Integrated Security=SSPI;Persist Security Info=False;Initial Catalog=TestDb;Data Source=dev-pc006;Use Procedure for Prepare=1;Auto Translate=True;Workstation ID=dev-pc003;Use Encryption for Data=False';
Now the connection is establised and I get "Invalid Object" error if the user id is not prefixed to the objects in the Delphi application's queries.
Is there any way to change the login/user after establishing the connection in Windows Authentication mode.
Thanks in advance.
regards,
Hari Haran Arulmozhi
View 2 Replies
View Related
Sep 15, 2005
Hi,
We are changing our web application to use Windows Authentication instead of SQL Server Authentication.
Initially, we added the IUSR_MACHINENAME user to SQL Server. This works ok when SQL Server and IIS are both running on the same server.
However, this won't work if SQL Server and IIS are on different servers on the same domain.
After doing a lot of research on the internet, it seemed that the answer was to create a user on the domain and use that user in IIS as the anonymous user (and give that user the relevant rights on SQL Server).
However, I've seen other comments in articles on the internet saying "Running any web service as a domain user is ill-advised".
We are using ASP rather than ASP.NET. What is the correct (and most secure) way to go about this?
Best
Matt.
View 1 Replies
View Related